Is there any way to do it without having to patch the kernel? What about with ip rules?

Thanks a lot,
-Nathan

Quoting Dave Strydom <strydom.dave@xxxxxxxxx>:

> Download the patch-o-matic-ng for iptables and use the ROUTE patch.
>
> http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-ROUTE
>
> You can then do rules like this:
>
> iptables -A POSTROUTING -t mangle -p TCP -s 172.16.0.1 -j ROUTE --gw 1.1.1.1
> iptables -A POSTROUTING -t mangle -p TCP -s 172.16.0.2 -j ROUTE --gw 2.2.2.2
>
> Regards
> Dave
>
> On 9/22/06, Nathan <lists@xxxxxxxxxxxx> wrote:
> > Hi, we have 2 ISP providers, each of which has given us static IP addresses.
> > On both ISPs we run a web server (we should say ISP1 is 1.1.1.1 on eth1 and
> > ISP2 is 2.2.2.2 on eth2). Our problem is that right now we have NAT running
> > that NATs 1.1.1.1 to the internal server 172.16.0.1, and 2.2.2.2 to
> > 172.16.0.2 (which is the same server; IP 2 is a second IP on the same
> > interface, eth0). When traffic traverses the firewall to the server and then
> > comes back out, the traffic will always want to use the default gateway,
> > which resides on eth1, even though the traffic initiated from eth2.
> >
> > What we want is that if traffic comes in on 2.2.2.2 to go to 172.16.0.2,
> > then the Linux firewall/router will send the traffic back out the same
> > interface that the traffic initiated from. We think it can be done with
> > ip rules or with CONFIG_IP_NF_CONNTRACK_MARK. If anyone has some examples,
> > ideas, or can help us with this configuration, that would be greatly
> > appreciated.
> >
> > Thanks a lot!!
> > - Nathan

Thanks - Nathan - http://www.linuxcare.ca
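The iproute2-only approach Nathan asks about, as an added example that is not part of the thread: because each public address is DNATed to a distinct internal address (172.16.0.1 for ISP1, 172.16.0.2 for ISP2), a source-based ip rule on the internal address is enough to select the right ISP table, and CONNMARK is only needed when replies share a single internal source. The ISP gateway addresses (1.1.1.254, 2.2.2.254), the table numbers and the internal LAN prefix are placeholders, since the thread does not give them.

```shell
#!/bin/sh
# Added example, not from the thread: reply out the same ISP using iproute2 only.
# Assumptions (placeholders, the thread does not give them): ISP1 gateway
# 1.1.1.254 behind eth1, ISP2 gateway 2.2.2.254 behind eth2, routing tables
# 101/102, internal LAN 172.16.0.0/24 on eth0. Set IP="echo ip" to dry-run.
IP=${IP:-ip}

ISP1_IF=eth1; ISP1_GW=1.1.1.254; ISP1_TABLE=101; SRV1=172.16.0.1
ISP2_IF=eth2; ISP2_GW=2.2.2.254; ISP2_TABLE=102; SRV2=172.16.0.2
LAN_IF=eth0;  LAN_NET=172.16.0.0/24

# One table per ISP holding only that ISP's default route. Replies are
# matched on the *internal* source (172.16.0.x): the reverse of the DNAT
# (172.16.0.2 -> 2.2.2.2) is applied in nat/POSTROUTING, after the routing
# decision, so a rule on the public address would never match.
add_isp_table() {  # $1=interface $2=gateway $3=table $4=internal source
  $IP route add default via "$2" dev "$1" table "$3"
  $IP rule add from "$4" table "$3" priority "$3"
}

setup_policy_routing() {
  # Internal-to-internal traffic must keep using the main table, so this
  # rule goes before the per-ISP rules (lower priority number wins).
  $IP rule add to "$LAN_NET" table main priority 100
  add_isp_table "$ISP1_IF" "$ISP1_GW" "$ISP1_TABLE" "$SRV1"
  add_isp_table "$ISP2_IF" "$ISP2_GW" "$ISP2_TABLE" "$SRV2"
  $IP route flush cache
}

# Check: a reply from 172.16.0.2 entering on eth0 must resolve via ISP2's
# gateway on eth2. 198.51.100.1 is a documentation address standing in for
# any external client.
verify_policy_routing() {
  $IP route get 198.51.100.1 from "$SRV2" iif "$LAN_IF"
}

case "${1:-}" in
  apply)   setup_policy_routing && verify_policy_routing ;;
  dry-run) (IP="echo ip"; setup_policy_routing; verify_policy_routing) ;;
esac
```

Run with `dry-run` to print the commands, or `apply` as root to install the rules and print the resulting route lookup for the ISP2 reply path.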